Re: Moving beyond "Reputation"--the Market View of Reality

2001-11-26 Thread David Honig

At 10:28 AM 11/26/01 -0500, Declan McCullagh wrote:
>It seems to me that reputation capital is a term that has limited
>value when applied to something as subjective as the areas above:
>having an article published in the editorial pages of the Wall Street
>Journal (or the Journal of Socialist Doctrine) may lower your
>reputation capital among some people and raise it among others. This
>is the nature of subjectivity.

Indeed, even when there are objective measures, all parties
may not agree because they may not agree on those measures.

If Alice Squirrel makes an alarm call and Bob Squirrel sees
a threat, but Charlie Squirrel doesn't see it, Bob and Charlie
will have different stats for Alice's alarm-call reputation.

But rep cap as an idea is surely *stronger* when you keep separate
numbers for different qualities -reliable vs. interesting posts,
for instance.  This is *necessary* since individuals vary greatly
within themselves.  Politicians with excellent reps on issue A
and mediocre reps on issue B, for instance.


Perhaps though authors should mention the *attribute* whose
reputation is estimated when it's not obvious.  Similarly authors
should state *who* is doing the estimating when it's not clear
it's the author.


>Reputation capital is more valuable a term when describing traits that
>are less subjective. When dealing with an online ecash bank, you may
>want truthfulness and reliability and good customer service (for
>example), which are less subjective than "interesting political
>opinions."

But what counts as  "good customer service" varies by culture
and person, much like whether WSJ publication helps or hurts.




Re: Moving beyond "Reputation"--the Market View of Reality

2001-11-26 Thread Declan McCullagh

At 08:15 AM 11/26/2001 -0800, David Honig wrote, quoting me:
> >Reputation capital is more valuable a term when describing traits that
> >are less subjective. When dealing with an online ecash bank, you may
> >want truthfulness and reliability and good customer service (for
> >example), which are less subjective than "interesting political
> >opinions."
>
>But what counts as  "good customer service" varies by culture
>and person, much like whether WSJ publication helps or hurts.

True, in part, but it's far less subjective. We can measure GCS by 
time-to-answer-phone, number-of-busy-signals, etc. Other metrics, like 
is-your-bank-account-available-or-not, are even less subjective.

-Declan




RE: Denning's Geo-crypto

2001-11-26 Thread Trei, Peter

Curious. 4-5 years ago Denning and another associate (I 
forget who, it's in the archives :-) tried to market an authentication
scheme which purported to authenticate the location of a remote
user using GPS. 

The idea was that the user's machine would pick up the 
aggregate analog GPS signal available at its location 
(either the regular, non-classified version or the 
high-precision classified signals), and transmit it to 
the server, which would use it to work out the 
location of the user - a user who was located at 
'Pentagon, third ring, fourth floor, Army segment' 
would be accorded different privileges than one whose 
location decoded as 'Presidential Palace, Baghdad'.

I and several other list subscribers pointed out numerous
issues. Among them were:

1. GPS signals don't work well in buildings of substantial
construction, and the chance of them working at all in a 
TEMPEST shielded building are about zip.

2. There are numerous DOS attacks available - the GPS
signals are easily jammed. One amusing approach would
be to use GPS test equipment to generate signals 
appropriate for a different location (eg, Pyongyang) and
beam them at the site to be DOS'd. 

4. Conversely, an  attacker could use the same test equipment
to make it look like he's in the Pentagon, when he's actually
in Kandahar.

5. GPS is based on the relative time delays of signals from 
different satellites. Since network lag of hundreds of 
milliseconds must be accepted, anyone who can see 
the same set of satellites as the location to be spoofed 
can separate the signals from the different satellites, 
modify the lags appropriately, and remix to generate a
spoofed analog signal.


I sent these concerns to Denning, who replied that she
would address them only under NDA, which I declined to
enter.

This sounds an awful lot like old wine in new bottles. Many
of the same concerns arise.

Peter Trei
Disclaimer: The above represents only my personal 
opinions.

> --
> From: John Young[SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, November 22, 2001 2:06 PM
> To:   [EMAIL PROTECTED]
> Subject:  Denning's Geo-crypto
> 
> Time Magazine, November 26, 2001:
> 
> Denning's pioneering a new field she calls geo-encryption.
> Working with industry, Denning has developed a way to keep
> information undecipherable until it reaches its location, as
> determined by GPS satellites. Movie studios, for example,
> have been afraid to release films digitally for the same reasons
> record companies hate Napster: once loose on the Internet,
> there's little to stop someone from posting the latest blockbuster
> DVD on the Web for all to see and download. With Denning's
> system, however, only subscribers in specified locations --
> such as movie theaters -- would be able to unscramble the
> data. The technology works as well for national security
> as it does for Harry Potter. Coded messages that the State
> Department sends to its embassies, for example, could only
> be deciphered in the embassy buildings themselves, greatly
> reducing the risk of interception.
> 
> For now, Denning says, terrorists "may want to bring down
> the power grid or the finance system, but it's still easier to
> blow up a building." If she's right, it's due in large part to her.




RE: Slashdot | McAfee Will Ignore FBI Spyware

2001-11-26 Thread Trei, Peter

A few years ago I coined the term 'espionage-enabled' to
describe the 'International' version of Lotus Notes, with its
blabbing 88 of 128 bits of encryption keys wrapped with an
NSA supplied public key.

I guess it's time to label another product.

Peter Trei

> --
> From: Jim Choate[SMTP:[EMAIL PROTECTED]]
> Reply To: [EMAIL PROTECTED]
> Sent: Sunday, November 25, 2001 12:52 PM
> To:   [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject:  Slashdot | McAfee Will Ignore FBI Spyware
> 
> http://slashdot.org/yro/01/11/24/2324241.shtml




RE: Ridiculous Airline Security Story N+1 and N+2...

2001-11-26 Thread Trei, Peter

Rohit (whom I know slightly) is too much a gentleman
to suggest that he may be being hit due to racial 
profiling.

Peter Trei

> --
> From: R. A. Hettinga[SMTP:[EMAIL PROTECTED]]
> Reply To: [EMAIL PROTECTED]
> Sent: Sunday, November 25, 2001 9:38 AM
> To:   [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]
> Subject:  Ridiculous Airline Security Story N+1 and N+2...
> 
> 
> --- begin forwarded text
> 
> 
> Status:  U
> Delivered-To: [EMAIL PROTECTED]
> Date: Wed, 21 Nov 2001 22:44:04 -0800
> To: [EMAIL PROTECTED]
> From: Rohit Khare <[EMAIL PROTECTED]>
> Subject: Ridiculous Airline Security Story N+1 and N+2...
> Sender: [EMAIL PROTECTED]
> List-Id: Friends of Rohit Khare 
> 
> Executive Summary: I am near my limit of anger with the "random",
> "neutral" FAA passenger profiling algorithm. I have every reason to
> believe some programmer has coded some strictures into it which would
> truly offend American civil society if translated from mathematics
> back into the ugly politics from whence it came.
> 
> Soon after my last installment, I had to turn back around and fly out
> of Denver. They made me X-ray my *shoes*... This time, the problem
> was *too much* time on their hands. The second story is how I missed
> the last flight back home on Thanksgiving eve because the security
> supervisor wouldn't show up to process me at the gate in time. That
> snowballed into a series of Catch-22 situations trying to find a lost
> pair of glasses along the way.
> 
> First, Denver. A tip on avoiding the Disneyland-like lines at the two
> main X-ray posts -- even though, strictly speaking, that's an insult
> to Disneyland, since even they've instituted a take-a-number pass
> system for the most popular rides.
> 
> Rather than take the train to one of the outlying concourses, ignore
> the main signage and *walk* to Terminal A over a bridge on the
> ticketing level. That's the X-ray post to Continental, British, etc.
> Much less popular, even though many a savvy traveler knew that was
> the way around United's silly carryon sizer templates (Continental's
> machines don't use them). Then take the train to wherever you really
> need to get to.
> 
> A co-worker and I arrived at DIA together, and I was able to purchase
> a new ticket, and even with the foolishness of fellow business
> travelers in stocking-feet waiting for their shoes back, I caught up
> with him in the same train car... he spent the entire time in United
> lines.
> 
> Now, for the real outrage.
> 
> Today, I was warned about massive Thanksgiving delays at Sea-Tac, so
> I cut short a beer with a buddy in Bellevue to race back two and a
> half hours in advance. I returned the car, picked up a boarding pass
> from a pliant robot kiosk, and got through security in a wink. Two
> hours in advance... no problem, right?
> 
> Well, I was a selectee, presumably since it was a one-way ticket. So
> I sat through yet another embarrassing tearing-apart of my bags, and
> this time they found a pocket screwdriver. A promotional pen-style
> screwdriver that I've had for ten years (it's a NeXT repair shop :-)
> 
> 1. They think you are not allowed to board with a three-inch,
> 1/8-inch wide screwdriver.
> 
> 2. You are not allowed to ask the aircrew to hold it for you on the
> flight.
> 
> 3. You are not allowed to leave the selectee table until a "GSC"
> supervisor comes to look it over.
> 
> At this point, there's twenty minutes left tick-tock... now, the
> flight is almost completely boarded. You're still waiting. And now
> you suddenly realize you've lost your $400 prescription sunglasses.
> 
> 4. You keep all your metal -- everything -- in your jacket at all
> times, so that you can x-ray a jacket rather than begin to empty out
> pockets. Your sunglasses have fallen out at some checkpoint.
> 
> At this point, you start tracing back your steps. It's 7 minutes or
> so to push-back.
> 
> 5. If you leave the selectee table, you will have to be searched all
> over again when you return to the gate
> 
> 6. They do not have walkie-talkies to ask security if your glasses
> were stuck in the X-ray tunnel
> 
> 7. See #3: You are not allowed to leave at all until the mythical GSC
> arrives.
> 
> Finally, a GSC arrives. Two minutes or so to departure, you haven't
> been given any chance to run down and solve the mystery.
> 
> 8. The screwdriver must be confiscated or bags must be checked.
> 
> 9. Just because you have been flying with it all week means nothing.
> "We're supposed to randomly change what the FAA is looking for every
> day". Parse that, if you dare!
> 
> 10. Any carry-on bag may be gate-checked *except* those containing
> "forbidden carry-on items". Catch-22 #1.
> 
> So now you're finally free to run back to the X-ray post and miss your
> flight.
> 
> 11. With about fifteen uniformed personnel of various stripes
> (National Guard, Argenbright, Alaska, and United), none of the first
> half-dozen people you ask claims to kno

Re: Thoughts in proxy services.

2001-11-26 Thread Trei, Peter

[Ryan replied on the list to a private email I sent him. I'm
sending the original letter to provide context for his reply.]

Peter Trei

> --
> From: Trei, Peter
> Sent: Wednesday, November 21, 2001 10:15 AM
> To:   'Ryan Lackey'
> Subject:  RE: "quitting havenco", not quite!
> 
> 
> 
> --
> From: Ryan Lackey[SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, November 20, 2001 5:48 PM
> To:   Trei, Peter
> Cc:   '[EMAIL PROTECTED]'
> Subject:  Re: "quitting havenco", not quite!
> 
> > Ryan and the other HavenCo folks deserve *massive* kudos for this. 
> > (now, when is the HavenCo remailer going online? :-)
> 
> The remailer has been up since 16 September 2001, and was announced to
> this list among others.  http://remailer.havenco.com/
> 
> Oops! (more kudos to you!)
> 
> Followed by: (I have them for myself now, not commercial-grade yet)
> * Anonymizing proxy on Sealand, cover general traffic as well as
>   havenco-destination traffic.  Free and no ads to havenco-destination
>   sites; free and ads and rate-limiting to elsewhere, or subscription.
> 
> Now that Safeweb is down, this would be really nice. A suggestion:
> 
> Protecting traffic between the end-user and the proxy is as and 
> sometimes more important to the user as protecting the target
> user from the target web site.
> 
> Safeweb did this pretty well, using SSL between the user and
> safeweb, and rewriting the URLs as encrypted strings. (There was
> a javascript frame on the end user's browser, but I'm sure you 
> know all that). Protecting the target URLs from observation is
> almost as important as protecting the content.
> 
> Thus, once Safeweb was going, an observer on the firewall 
> could find nothing except the volume of traffic between the 
> user and safeweb.
> 
> Of course, safeweb went tits-up, so their economic model (they
> were ad-supported) is questionable.
> 
> There are a couple other systems out there that are similar;
> www.the-cloak.com for one.
> 
> I've a small list of links on this, if it would be helpful. For 
> example: http://www.jmarshall.com/tools/cgiproxy/
> 
> Peter




Re: Moving beyond "Reputation"--the Market View of Reality

2001-11-26 Thread Tim May

On Monday, November 26, 2001, at 07:28 AM, Declan McCullagh wrote:

> Thanks, Tim, for posting an interesting essay. You say:

Thanks for the thanks. It's just a facet of what I've been thinking 
about for a long time. I was bored so I just dashed off the piece, more 
to help crystallize thoughts than to lay out a convincing case. If 
others are partly convinced, so much the better. If nothing else, it's 
my stake in the ground that "reputation capital" is the _wrong_ focus. 
Since it's thrown around a lot here, someone ought to point out the many 
limitations of the concept.

>> 2. When in fact different people have different assessments of some
>> agent's reputation. Thus suggesting strongly that reputation is not
>> something attached as simply as above.
>
> To expand on this: It seems that using "reputation capital" to
> describe a multifaceted information space such as even the most
> wretched of cypherpunks posters does not do that person justice. Even
> if someone is generally correct and truth-telling, he may also be
> immoral or a fan of invasive police measures or immature in debate or
> prone to violations of netiquette -- any of which might lower his
> reputation capital.
>
> Sure, one can say: let's just have a complicated reputation space
> (think an array of arrays) for each one of these characteristics. To
> use a silly example:
> * truthtelling [0-255]
> * maturity [0-255]
> * morality [0-255]
> * netiquette [0-255]
> * spelling [0-255]
> * etc.

This is not really an "array of arrays," just a garden variety n-space. 
And _not_ a vector space, because vector addition does not work. More of 
a tensor, in that the axes are independent.

(The canonical tensor being the stress-energy tensor for a solid 
material, for example. The stress in the X axis and the stress in the Y 
axis do NOT "vector sum" to some resultant stress.)

Anyway, I digress. I agree that a person may have various of these 
components. If I am betting on whether Alice will have few spelling 
mistakes in a post, I would look at her "spelling [0-255]" measure.


> But that quickly becomes burdensome to use as a shorthand.
>

Though the place we need shorthand is for ordinary human to human 
communication, and for this it is enough to just say "Alice is a poor 
speller" or "Declan writes good articles."

For a machine, maintaining such data bases is trivial. Not that I think 
this is especially useful.

Think of just one of these facets, one of the most important ones: 
credit worthiness.

Essentially, the basis of a bet on whether Bob will repay a loan.

> It seems to me that reputation capital is a term that has limited
> value when applied to something as subjective as the areas above:
> having an article published in the editorial pages of the Wall Street
> Journal (or the Journal of Socialist Doctrine) may lower your
> reputation capital among some people and raise it among others. This
> is the nature of subjectivity.

Which is why I balk at schemes to grade Cypherpunks posts on the basis 
of "reputation capital" (an idea which bubbles up every couple of years, 
though no one ever bothers to implement it).

Each person has his or her own idea of who they want to read, embodied 
in a) who they read vs. who they skim vs. who they hit "Delete" on, and 
b) their kill files. And who they write replies to.


>
> Reputation capital is more valuable a term when describing traits that
> are less subjective. When dealing with an online ecash bank, you may
> want truthfulness and reliability and good customer service (for
> example), which are less subjective than "interesting political
> opinions."
>>

The direction I'm going is all about digital money. My claim is that a 
belief ontology (risk, bets, futures, insurance, moneychanging, 
re-insurance, discounts, etc.) solves many if not all of the "thorny" 
problems often cited with digital money. The underlying mathematics, 
important as it is, just becomes another part of the calculation of 
beliefs.

It doesn't matter to me much that folks use the term "reputation 
capital" loosely to describe actual people...that's just wordage. More 
important is the application of probabilistic reasoning to digital 
economies.

Maybe I'll have something to show along these lines some day.

--Tim May




Health bill endangers civil rights

2001-11-26 Thread Khoder bin Hakkin

http://www.sfgate.com/cgi-bin/article.cgi?file=/c/a/2001/11/25/MN232750.DTL

 Health bill endangers civil rights

 The administration wants all 50 states to
 adopt a law allowing public health
 authorities to take over hospitals, seize
 drug supplies, quarantine people exposed to
 infectious pathogens, draft doctors to treat
 them, force patients to be vaccinated, and
 order police to restrain residents from
 leaving contaminated areas.
...
 Civil rights protections, however, are
 exactly what opponents find lacking. The
 kind of public health emergency that would
 trigger extraordinary powers for health
 officers is defined so broadly that it could
 include AIDS, HIV infection or a severe flu
 epidemic, said Tanya Ehrmann, director of
 public policy at the activist group AIDS
 Action in Washington, D.C.

 Annas said that under the legislation,
 people could be detained without a court
 order and isolated in stadiums or clinics
 without an adequate process to challenge
 the decision. The proposed law would also
 shield health officers from liability, along
 with anyone working at their direction, for
 deaths or health damage suffered by
 quarantined bioterror victims, he said.

 Under the measure, "if you kill people or
 hurt them, that's tough," said Annas, one
 of 10 New England health law scholars
 urging Thompson to change the draft law.
 "The families can't sue, nobody can sue."




Re: SBC says appointing Gore-for-pres chief as president "signals the importance of governmental matters to our company's ability to grow revenues"

2001-11-26 Thread Jon Beets

Oh great.. I wonder if this will improve relations or just make things worse
for those of us trying to compete with SBC on DSL?  Probably the latter...

Jon Beets
Pacer Communications

- Original Message -
From: "Declan McCullagh" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, November 26, 2001 9:24 AM
Subject: SBC says appointing Gore-for-pres chief as president "signals the
importance of governmental matters to our company's ability to grow
revenues"


> 11/19. SBC named William
> Daley its new President. Daley will report directly to SBC's
> Chairman and CEO Edward Whitacre.
>
> SBC is the incumbent local exchange carrier in California,
> Nevada, Texas, Oklahoma, Kansas, Arkansas, Missouri, Illinois,
> Michigan, Ohio, Wisconsin, and Indiana. SBC also holds a
> majority equity interest in Cingular Wireless.
>
> Daley was former President Bill Clinton's Secretary of
> Commerce from January 1997 to June 2000. He resigned in June 2000 to become
> Chairman of former Vice President Al Gore's
> presidential campaign. Whitacre stated in a release that "His appointment
> as president of SBC signals the
> importance of governmental matters to our company's ability to
> grow revenues ..."
>
> release:
> http://www.sbc.com/News_Center/1,3950,31,00.html?query=2009-1




Declans testimony;Clone me!,

2001-11-26 Thread mattd

Hey measals, you shouldn't be called as a witless now the drumhead courts 
have got the nod. Living in amerikkka getting you down?

"Defenders of the US Constitution and the common law from which it grew are 
being classified on the same level as the bottom-feeding Skinheads, Nazis 
and the KKK. "




Re: HDCP break and DMCA

2001-11-26 Thread Harmon Seaver

 Kinko's got sued over selling the "student packets", there was a
big flap over it a few years ago in academia, but as I recall the end
result was that professors are more careful to have written permission
from the publishers in hand, and the packets are still being sold.
Most publishers are cooperating -- it's simply that the material is
in the library, the portions of the books used is not large enough that
students would buy them anyway -- as opposed to actual "textbooks" that
they do purchase, so it seems a reasonable "fair use" compromise. In
most of these cases the publishers realize that they aren't going to
sell more books by refusing, the authors realize that they'll get more
exposure, more recognition, and the students don't have to spend hours
in the library waiting for someone else to finish copying the materials.

But as I said, most professors are being much more careful about
getting permission beforehand and most copy places are being more
careful about what they sell.
   At the biomedical library I worked at, the copiers only worked if you
had a special card, and only students and faculty had the cards, since
copying the medical texts and selling them to law firms and clinics
was/is a lucrative business and was a principal income for the library.
Don't know how the DMCA has affected them.

--
Harmon Seaver
CyberShamanix
http://www.cybershamanix.com




Re: HDCP break and DMCA

2001-11-26 Thread Anonymous

David Wagner writes:

> Given this risk, I've decided I cannot afford to continue to work in the
> area of copy protection as long as the uncertainty remains.  And how in
> good conscience can I advise students working with me to work in this
> troubled area?  I can't.

It's understandable that you would be concerned about the DMCA.
Niels Ferguson raised the same issues when he decided not to publish.

Why, then, did you go ahead with publication?  This is the part which
is hard to understand.  Niels decided not to publish, you and your
co-authors apparently came to the opposite conclusion.  Rhetorically
you are saying the same things as him, but your actions are different.
It would be interesting to hear more about how you reconcile the decision
to publish this result with the belief that the DMCA makes publication
in this field too risky.




Re: Denning's Geo-crypto

2001-11-26 Thread Sunder

Um, rhetorical question, but from my very limited understanding of GPS,
all the satellites do is send a series of time codes.  So if you wanted to
you could build several transmitters that sent out stuff on the same
frequencies.  Since you need to be outside to be able to use GPS, or at
least "see sky", that would imply that these signals are weak.  So
building something to spoof GPS should be relatively easy.

Seems to me that one could also easily build a system to "brute
force" through all possible positions on GPS.

Again, I emphasize "very limited understanding of GPS" :)

--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

On Thu, 22 Nov 2001, Roy M. Silvernail wrote:

> On 22 Nov 2001, at 11:06, John Young wrote:
> 
> > Time Magazine, November 26, 2001:
> > 
> > Denning's pioneering a new field she calls geo-encryption.
> > Working with industry, Denning has developed a way to keep
> > information undecipherable until it reaches its location, as
> > determined by GPS satellites. 
> 
> Using a GPS coordinate set as keying material?  Hope it's just 
> additional keying material.  Knowing the intended destination of 
> something like a movie in transit to a theater seems pretty easy, 
> and the set of GPS coordinates encompassing your average 
> multiplex would seem to be pretty small compared to the usual 
> keyspaces discussed here.
> --
>Roy M. Silvernail [ ] [EMAIL PROTECTED]
> DNRC Minister Plenipotentiary of All Things Confusing, Software Division
> PGP Key 0x1AF39331 :  71D5 2EA2 4C27 D569  D96B BD40 D926 C05E
>  Key available from [EMAIL PROTECTED]
> I charge to process unsolicited commercial email
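
Roy's keyspace point, worked through as an added example that is not from the thread or from Denning's system: a hypothetical scheme that derives its key only from grid-quantized coordinates is compared with one that mixes in an independent 128-bit secret. The grid size, the coordinates, `derive_key`, the key check value and the search window are all constructed assumptions.

```python
import hashlib
import math
import os

GRID = 10_000  # cells per degree: roughly 11 m of latitude per cell (assumed)


def cell(lat, lon):
    """Quantize a position to integer grid indices."""
    return (round(lat * GRID), round(lon * GRID))


def derive_key(c, secret=b""):
    """Hypothetical KDF: hash of the grid cell, optionally mixed with a secret."""
    return hashlib.sha256(b"%d,%d|" % c + secret).digest()


def check_value(key):
    """Key check value assumed to travel with the ciphertext."""
    return hashlib.sha256(key).digest()


def window(centre, radius):
    """All cells in the square of +/- radius cells around centre."""
    ci, cj = centre
    span = range(-radius, radius + 1)
    return [(ci + di, cj + dj) for di in span for dj in span]


def location_bits(radius):
    """Bits of entropy in the position if every cell in the window is equally likely."""
    return math.log2((2 * radius + 1) ** 2)


def recover_cell(check, centre, radius, secret=b""):
    """Try every cell in the window; return (matching cell or None, keys tried)."""
    tries = 0
    for c in window(centre, radius):
        tries += 1
        if check_value(derive_key(c, secret)) == check:
            return c, tries
    return None, tries


def demo():
    # Constructed values: the licensed site and the address anyone can look up.
    receiver = cell(39.74010, -104.99230)
    published = cell(39.74000, -104.99200)
    radius = 10  # search about 110 m of latitude either side of the address

    # Location-only key: the whole keyspace is the search window.
    found, tries = recover_cell(check_value(derive_key(receiver)), published, radius)

    # Location plus an independent 128-bit secret: the same search finds nothing.
    secret = os.urandom(16)
    guarded = check_value(derive_key(receiver, secret))
    found_guarded, _ = recover_cell(guarded, published, radius)

    return {
        "location_only_recovered": found == receiver,
        "keys_tried": tries,
        "location_bits": location_bits(radius),
        "with_secret_recovered": found_guarded is not None,
        "bits_with_secret": location_bits(radius) + 128,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Under these assumptions the position contributes under 9 bits, so it only makes sense as additional keying material on top of a full-strength secret, which is the condition Roy hopes for.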




Antivirus software will ignore FBI spyware: solutions

2001-11-26 Thread Tim May

Some interesting tips (bottom of this message) for detecting FBI/SS
snoopware that NAI/McAfee is now assisting the FBI in installing. 

I especially like the idea of "type hundreds of random key strokes and
see which files increase in size." (Or just look for any file size
changes, as most of us type tens of thousands of keystrokes per day.)

The mathematical side of most encryption is vastly stronger than the
"crypto hygiene" side. There's a reason "code rooms" and "crypto
shacks" on military ships and bases have lots of hoops to jump through,
with locked boxes, double-keyed switches, controlled access, etc.  

Most users of PGP take no steps to secure key materials. (I plead
guilty, too.) Most of us are used to immediate access, and we want
crypto integrated with our mail. The notion of going to a locked safe,
taking out the laptop or removable hard drive, ensuring an "air gap"
between the decoding system and the Net, and checking for keyloggers
and hostile code, and so on, is foreign to most of us. 

The "dongle" idea (e.g., Dallas Semiconductor buttons, etc.) has been
around for a long time. Here's a new twist: the Apple iPod music
player. I just got one. A 4.6 GB hard disk (Toshiba 1.8"). Hooks up via
Firewire/IEEE 1394, with the link recharging the battery and
auto-linking. The disk can also be mounted as a standard Firewire disk.
Meaning, it could be used to store key material and even be used for
PGP scratch operations. The increased security comes from its small
size (easy to lock up) and because I usually have it with me when I am
away from home. This makes "sneak and peek" searches and plants of
malicious code less useful. Not a complete solution. Crypto hygiene and
all.

Here's the article:

> From: Rastus P. Riley <[EMAIL PROTECTED]>
> Newsgroups: misc.survivalism
> Subject: Re: Antivirus software will ignore FBI spyware: solutions
> Date: Mon, 26 Nov 2001 12:37:27 -0800
> Organization: Posted via Supernews, http://www.supernews.com
> Message-ID: <[EMAIL PROTECTED]>

> 
> On 25 Nov 2001 21:48:28 GMT, [EMAIL PROTECTED] (phatmike) wrote:
> 
> >> According to the Washington Post, "At least one antivirus software company,
> >> McAfee Corp., contacted the FBI on Wednesday to ensure its software wouldn't
> >> inadvertently detect the bureau's snooping software and alert a criminal
> >> suspect."
> >> 
> >> http://www.washingtonpost.com/wp-dyn/articles/A1436-2001Nov22.html
> 
> 1.  Use a secure type of OS with login screen for every session
>   a.  Log out after every use
>   b.  If house invaded, Feds need to have initial login
>       password to insert trojan.
> 
> 2.  Use In/Out firewall
>   a.  Zone Alarm Pro
>   b.  Monitors in/out traffic
>     1.  If trojan tries to send data, then firewall will
>         highlight it.
> 
> 3.  Always check for small programs by last accessed date.
>   a.  Uncheck hidden files
>   b.  Look for files that increase in size by testing with 300
>       random keystrokes.
> 
> 4.  Use Proxies, don't run attachments, don't use
>     Outbreak Express.
> 
> Hope this helps,
> 
> -Rastus




Re: Antivirus software will ignore FBI spyware: solutions

2001-11-26 Thread Meyer Wolfsheim

On Mon, 26 Nov 2001, Tim May wrote:

> Some interesting tips (bottom of this message) for detecting FBI/SS
> snoopware that NAI/McAfee is now assisting the FBI in installing.

According to a rebuttal posted to Declan's list, McAfee.com (not the same
as McAfee) is claiming that neither it nor Network Associates is assisting
the FBI.

Regardless, the tips Tim mentions are certainly ones to practice. (Just
because an anti-virus company isn't cooperating with the FBI on this
doesn't mean its software will detect Magic Lantern. McAfee's position on
this should be irrelevant.)

-MW-




Re: CDR: Antivirus software will ignore FBI spyware: solutions

2001-11-26 Thread Sunder

Great and wonderful except:

1. If such spyware has already been installed on your system you can't
trust your os therefore:

a. It may use your OS to hide the key capture log, so you
   won't be able to just watch files.  Think of a kernel patch
   that removes all references to a specific file, not just
   sets it to be hidden.

b. It may use your OS to hide that the OS was altered if you
   decide to use a debugger by patching the debugger also, and
   when say "Finder" looks at the System file, it's really
   looking at the inactive original one, rather than the one
   that was patched. (or it could be an extension that hides
   itself and the capture file from the OS, etc.)

2. Any hard drive you can access so can they.  "They" can patch your
disk:

a. I'm not sure about newer MacOS's, but I remember that older
   MacOS's, those on 68k boxes stored driver code for the disk
   on one of the blocks on the drive, so even if your OS wasn't
   booted with the spyware, simply mounting that drive would
   load the driver, and anything that goes with it. 

   I had the experience of having such a driver getting corrupted
   back when I used a Mac. I recall I had to use special software
   to mount the disk without the old driver - actually to just zap
   the old driver off the disk and replace it.

b. If the malware is on your hard drive, it can propagate like
   a virus to your iPod.  Sanitize your OS, only to have it
   come back when you hook up said iPod.

3. Newer G3+ Macs use open boot prom or some such which lives in
eeprom.  Such things can be patched at that layer and can propagate on
bootup.  Booting off a read only disk (CDROM, etc) wouldn't help in this
case.

4. If you live in a crowded area, your iPod can be lifted off you
in a false mugging, or break in, pickpocketing while you're at a
restaurant, movie, etc.

5. Watching for files that change daily is a fool's task for the reasons
mentioned above, and the Sisyphean task it presents.  Better get the
equivalent of Cops or Tripwire to do the work for you, but they too can be
tampered with.  

6. If McAfee bent over to the Feds, you can be sure that so will the
makers of Zone Alarm and other firewalls.

7. Remember, they don't need to capture all your keystrokes.  Just the
ones you use as passphrases.  And they don't need to copy your whole hard
drive, though they easily could when you're out of the house.  Just your
secret key file and your passphrase.

8. If you shut off your computer when you leave your house, it makes their
job that much easier.  If you leave it on, they could note what's open and
put it back to the same spot.

9. If you use a login screen, etc, Or they could simply run something that
would take a snapshot of your desktop, shutdown your Mac, install the
malware/copy your files, then boot off of a floppy that displays the
screen you left up, plus a Type 1 Bomb (MacOS equivalent of blue screen of
death), and eject the floppy thus - making it look like your Mac crashed,
or, simply go down to the basement and trip your circuit breakers making
it look like you've had a power failure (even UPS's run out at some
point.)

10. Ordered any new copies of a bit of software?  Maybe they have a deal
with FedEx, UPS, the Mailman.  Maybe what you're getting is the upgrade
and then some.  How can you tell that copy of SmallTalk doesn't carry an
extra bit of code just for you?  How can you tell that the latest patch to
MacOS you've just downloaded really came from Apple?  Sure DNS said it was
from ftp.apple.com but how do you know that the router upstream from your
internet provider didn't route your packets via ftp.fbi.gov?

Once they have physical access, you're fucked.  Remote access is almost as
dangerous as them having physical access, however it can work in your
favor as they won't be as familiar with your environment, and thus are far
more likely to expose the malware to you.

Sure, all of these things are more or less preventable, except for
physical access, and a lot of these come down to trust and reputation.  
But reputation and trust are also rubber hose-able (if there is such a
word.)  :)

You can trust your best friend until you find out otherwise.  You can
trust your bank until you find out otherwise.  You can trust your software
provider until you find out otherwise.  But by the time you've found out,
if you've found out at all, you've already been fucked.




--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privac
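
An added illustration, not code from any poster in this thread: a minimal Cops/Tripwire-style check of the kind Sunder's point 5 recommends, which also automates the quoted tip about watching for files that grow. The baseline is sealed with an HMAC because, as that point says, the checker's own records can be tampered with; the key, file names and directory layout are constructed for the demo, and the key is assumed to be kept off the machine.

```python
import hashlib
import hmac
import json
import os
import tempfile


def snapshot(root):
    """Map every regular file under root (dotfiles included) to hash and size."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            state[os.path.relpath(path, root)] = {
                "sha256": digest.hexdigest(),
                "size": os.path.getsize(path),
            }
    return state


def seal(state, key):
    """Serialize a snapshot together with an HMAC-SHA256 tag over it."""
    body = json.dumps(state, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return json.dumps({"baseline": state, "hmac": tag}, sort_keys=True)


def unseal(sealed, key):
    """Return the baseline, or raise ValueError if it was altered."""
    doc = json.loads(sealed)
    body = json.dumps(doc["baseline"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, doc.get("hmac", "")):
        raise ValueError("baseline failed HMAC check: treat as tampered")
    return doc["baseline"]


def compare(baseline, current):
    """Report files added, removed, changed, and changed files that grew."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed, grew = [], []
    for path in sorted(set(baseline) & set(current)):
        if baseline[path]["sha256"] != current[path]["sha256"]:
            changed.append(path)
            if current[path]["size"] > baseline[path]["size"]:
                grew.append(path)
    return {"added": added, "removed": removed,
            "changed": changed, "grew": grew}


def demo():
    """Constructed sample tree: baseline it, alter it, then compare."""
    key = b"constructed-demo-key"  # assumption: stored on removable media
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "Extensions"))
        sample = {
            "System": b"original system file\n",
            os.path.join("Extensions", "Mouse"): b"driver v1\n",
            ".prefs": b"",
        }
        for rel, data in sample.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        sealed = seal(snapshot(root), key)

        # Constructed changes: a hidden file that grows by 300 bytes,
        # a new extension, and a same-length rewrite of an existing file.
        with open(os.path.join(root, ".prefs"), "ab") as fh:
            fh.write(b"k" * 300)
        with open(os.path.join(root, "Extensions", "Helper"), "wb") as fh:
            fh.write(b"new extension\n")
        with open(os.path.join(root, "System"), "wb") as fh:
            fh.write(b"patched  system file\n")

        report = compare(unseal(sealed, key), snapshot(root))

    # Someone without the key edits the stored baseline to hide a change.
    forged = json.loads(sealed)
    forged["baseline"]["System"]["sha256"] = "0" * 64
    try:
        unseal(json.dumps(forged), key)
        forged_accepted = True
    except ValueError:
        forged_accepted = False
    return report, forged_accepted


if __name__ == "__main__":
    print(demo())
```

The same-length rewrite of "System" is caught by hash even though a size-only check would miss it. Run from the installed OS, the check still reads files through that OS, so the kernel-level hiding in point 1 applies to it as well.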

Re: CDR: RE: True Names: And the Opening of the Cyberspace Frontier

2001-11-26 Thread Todd Larason

On 25 November 01, Lucky Green wrote:
> The page at Amazon. COM claims that the book in question will ship in
> December of this year. I seem to recall having read announcements in
> years past that the book would ship in the respective years. Methinks
> that a mere claim of a future ship date in 2001 may be considered
> insufficient proof that the condition of the wager has been met by at
> least one of the parties to the wager.

I've had it on order from Amazon since December 1998.  At the time,
Amazon listed it as shipping in February 1999.  Every few months since
then, they've moved the date ahead a few months.

I won't believe it till I have a copy in my hands.
--
Todd Larason | The gene pool has no lifeguard.
3500238865/p |
UIN: 6019543 |
AIM: FxyT1ts |






Re: CDR: Antivirus software will ignore FBI spyware: solutions

2001-11-26 Thread mmotyka

Sunder <[EMAIL PROTECTED]> wrote :

>Great and wonderful except:
>
>1. If such spyware has already been installed on your system you can't
>trust your os therefore:
>[snip]
>
Yes - end of story.


>2. Any hard drive you can access so can they.  "They" can patch your
>disk:
>[snip]
>
The only way I can think of to prevent this is to have the disk
completely encrypted in which case you could safely give a copy to
anyone who wanted one. The BIOS shouldn't be trusted either. The problem
then is booting which could be done from some sort of card/dongle that
you carry with you that requires a (many-digit) PIN before it
regurgitates your boot code.

>3. Newer G3+ Macs use open boot prom or some such which lives in
>eeprom.  Such things can be patched at that layer and can propagate on
>bootup.  Booting off a read only disk (CDROM, etc) wouldn't help in this
>case.
>
Yup. Maybe a bootFLASH can be replaced with some SRAM which must be
downloaded from your key device before booting. Something like : power
up, hold processor in reset, remove boot SRAM from bus, load boot code,
switch boot memory to system bus, allow startup.

>4. If you live in a crowded area, your iPod can be lifted off you
>in a false mugging, or break in, pickpocketing while you're at a
>restaurant, movie, etc.
>
A physical device plus a PIN seems somewhat immune to that problem. In
fact you could keep multiple copies.

>5. Watching for files that change daily is a fool's task for the reasons
>mentioned above, and the Sisyphean task it presents.  Better get the
>equivalent of Cops or Tripwire to do the work for you, but they too can be
>tampered with.  
>
Mostly. 

>6. If McAfee bent over to the Feds, you can be sure that so will the
>makers of Zone Alarm and other firewalls.
>
Probably anything that is exported and some that aren't.

>7. Remember, they don't need to capture all your keystrokes.  Just the
>ones you use as passphrases.  And they don't need to copy your whole hard
>drive, though they easily could when you're out of the house.  Just your
>secret key file and your passphrase.
>
>8. If you shut off your computer when you leave your house, it makes their
>job that much easier.  If you leave it on, they could note what's open and
>put it back to the same spot.
>
Not if there is no code in the clear on the machine - no functional
BIOS, no usable HDD.

>9. If you use a login screen, etc, Or they could simply run something that
>would take a snapshot of your desktop, shutdown your Mac, install the
>malware/copy your files, then boot off of a floppy that displays the
>screen you left up, plus a Type 1 Bomb (MacOS equivalent of blue screen of
>death), and eject the floppy thus - making it look like your Mac crashed,
>or, simply go down to the basement and trip your circuit breakers making
>it look like you've had a power failure (even UPS's run out at some
>point.)
>
With the BIOS and HDD encrypted, off is safe.

Might be a neat little gizmo with a keypad. BIOS is encrypted on the
motherboard. Boot memory is SRAM that is lost when power is removed
(lost short of extreme detection measures, that is). The little gizmo
reads the encrypted BIOS, decrypts and transfers it to boot SRAM.

>10. Ordered any new copies of a bit of software?  Maybe they have a deal
>with FedEx, UPS, the Mailman.  Maybe what you're getting is the upgrade
>and then some.  How can you tell that copy of SmallTalk doesn't carry an
>extra bit of code just for you?  How can you tell that the latest patch to
>MacOS you've just downloaded really came from Apple?  Sure DNS said it was
>from ftp.apple.com but how do you know that the router upstream from your
>internet provider didn't route your packets via ftp.fbi.gov?
>
>Once they have physical access, you're fucked.  Remote access is almost as
>dangerous as them having physical access, however it can work in your
>favor as they won't be as familiar with your environment, and thus are far
>more likely to expose the malware to you.
>
>Sure, all of these things are more or less preventable, except for
>physical access, and a lot of these come down to trust and reputation.  
>But reputation and trust are also rubber hose-able (if there is such a
>word.)  :)
>
>You can trust your best friend until you find out otherwise.  You can
>trust your bank until you find out otherwise.  You can trust your software
>provider until you find out otherwise.  But by the time you've found out,
>if you've found out at all, you've already been fucked.
>
Maybe just installing an OS you got as a binary is all it takes to be
F'd. Maybe rebuilding that OS with an F'd compiler propagates the
effedness.

If you have everything encrypted until your key device readies it for
boot then you could run a F'd BIOS, OS and apps as long as you kept the
system isolated. Let it log all it wants. Sounds like a good sentence
for a Windows box.

Mike





Re: mapping in the sierras and places west

2001-11-26 Thread Jim Choate


Magneto-tellurics

On Mon, 12 Nov 2001, Greg Broiles wrote:

> At 07:50 AM 11/12/2001 -0800, Major Variola (ret) wrote:
> >But you missed the mil 4-engine cargo-type plane towing a wire held
> >in a trailing Y config by two mil copters flying in tight formation
> >behind it,
> >circling SF.  Yes, I wouldn't have believed that was possible without
> >having seen it.
> >
> >Maybe they were mapping too.
> 
> They overflew San Jose and Santa Clara, too, headed westbound.
> 
> What would a trailing wire like that measure or receive? My limited 
> understanding of RF says it'd be good for picking up very low frequency 
> emissions or transmissions - but I don't know of any sources of those that 
> I'd expect to be of interest, other than those used by US subs and I'm sure 
> they have better ways to pick those up.


 --


 Day by day the Penguins are making me lose my mind.

 Bumper Sticker

   The Armadillo Group   ,::;::-.  James Choate
   Austin, Tx   /:'/ ``::>/|/  [EMAIL PROTECTED]
   www.ssz.com.',  `/( e\  512-451-7087
   -~~mm-'`-```-mm --'-





Re: Moving beyond "Reputation"--the Market View of Reality

2001-11-26 Thread georgemw

On 25 Nov 2001, at 19:30, David Honig wrote:

> At 03:05 PM 11/25/01 -0800, Tim May wrote:
> >For many years some of us have argued strongly for "reputation" as a 
> >core concept. Someone, perhaps even one of our own, even coined the 
> >phrase "reputation capital."
> 
> I recently posted how ground squirrels have rep cap.
> 

It was interesting, but unless I misread it (a distinct possibility)
the squirrels didn't really have something we'd call a reputation.
The squirrels would remember "that squirrel keeps claiming there's
a stuffed badger when there is no stuffed badger" and would
ignore his warnings, but a real reputation system would be more 
like a new squirrel shows up and the experienced squirrels
tell the new squirrel which squirrels are reliable and which aren't.
I don't think squirrels are capable of that.

The idea of a universal scalar reputation would be that every 
squirrel in the world has the same opinion of every other
squirrel's reliability. I don't think anything like that exists
in any species.

George


> >1. The assumption that an agent or actor possesses a "reputation." A 
> >kind of scalar number attached to a person, a bank, an institution, or 
> >even a nym.
> 
> Two kinds of entities: one maintains reputations, the other doesn't.
> Guess which is exploited to extinction? 
> 

But that's not the issue.  The point is that reputation isn't a simple 
scalar, i.e. one can have a reputation as being highly informed in
certain circles and be considered a complete nutter in others,
or considered extremely well informed on certain topics and
woefully misinformed on others.  Even a reputation for morality 
implies conforming to a specific idea as to what moral behavior is.

George
> ...
> 
> Again CPunks -or other analysts- are not *advocating* nearly as much as some 
> might like to believe; instead IMHO there is a public discussion
> going on about essentially inevitable trends we've observed.




Re: Pay to Play in Information Markets

2001-11-26 Thread Jim Choate


On Mon, 19 Nov 2001, Nomen Nescio wrote:

> This has been a long debate among hard-core capitalist types who want
> to see everything have a price. 

Ask them how much they'd charge to change their view...

> In a voluntary system for exchanging
> and publishing information, who should pay and who should be paid?

This is silly. Both participants are 'sellers' from the others
perspective. Both are 'buyers' from their own perspective.


 --


 Day by day the Penguins are making me lose my mind.

 Bumper Sticker

   The Armadillo Group   ,::;::-.  James Choate
   Austin, Tx   /:'/ ``::>/|/  [EMAIL PROTECTED]
   www.ssz.com.',  `/( e\  512-451-7087
   -~~mm-'`-```-mm --'-





Re: Pricing Mojo, Integrating PGP, TAZ, and D.C. Cypherpunks

2001-11-26 Thread georgemw

On 20 Nov 2001, at 22:54, Greg Broiles wrote:


> Very early in its lifetime, the Autonomous Zones/Mojo Nation people said 
> that maybe Mojo would someday be exchangeable with real cash, though the 
> assumption was that during the early stages of software development, people 
> were playing with worthless currency for proof-of-concept, and that at some 
> point the old Mojo would be useless or disabled, and people would start 
> using New Mojo instead, where New Mojo might have real value.
> 

Here's my recollection as to how this was supposed to work:
1) people who participated in the beta got free mojo as a
reward for participating (they'd keep their mojo when the
beta period was over)
2) In the non-beta, people would have to pay (or something)
to get a starting stash of mojo
3) I don't think the "Evil Geniuses" ever expected to act as 
mojo-cash brokers; rather, anyone who had a supply of
cash and mojo could act as a cash-mojo broker, and mojo
would find its own price. 


> 
> And that problem seems to be at the center of Nomen Nescio's sotto voce 
> suggestion that some unnamed cypherpunks work up a currency which can be 
> used to "pay" people for providing information which is of value - I get 
> the impression that s/he is imagining some magic fairy would mint up piles 
> of the currency, and assign it equally to every subscriber, who would then 
> be empowered to pay it to the content providers they liked best.
> 
> That's very warm and fuzzy and hippy-like, but if these tokens are handed 
> out for free, then what, exactly, is their value?
>

Right. If the tokens are EVER going to be worth anything, there
can't be a way to accumulate them for free.  If people have this
psychological block against paying "real money" for tokens,
maybe it's a good idea to make them trade CPU time for them
in one of the seti-like projects.  Somebody mentioned something 
about one involving protein-folding that sounded like it might 
actually be useful. 

George
 
> I think the Extropians did something like that, which ended in some sort of 
> fiasco which some cypherpunks were involved in, though I don't know the 
> details and was never a participant in that list/social circle.
> 
> 
> --
> Greg Broiles -- [EMAIL PROTECTED] -- PGP 0x26E4488c or 0x94245961
> 5000 dead in NYC? National tragedy.
> 1000 detained incommunicado without trial, expanded surveillance? National 
> disgrace.




Re: Antivirus software will ignore FBI spyware: solutions

2001-11-26 Thread Declan McCullagh

On Mon, Nov 26, 2001 at 01:38:04PM -0800, Meyer Wolfsheim wrote:
> According to a rebuttal posted to Declan's list, McAfee.com (not the same
> as McAfee) is claiming that neither it nor Network Associates is assisting
> the FBI.

I admit I'm not familiar with the details of the corporate structure,
but my understanding is that McAfee is the anti-virus arm of Network
Associates. Another NAI appendage is McAfee.com, which is majority-
owned by NAI. So you're right, not precisely the same, but they're
close enough for this purpose: I got a near-word-for-word identical
denial from NAI, below.

-Declan

---

From: "Thompson, Tony" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Magic Lantern
Date: Mon, 26 Nov 2001 14:49:56 -0600

Declan,

With regards to your message below, Network Associates/McAfee has not
contacted the FBI, nor has the FBI contacted NAI/McAfee, regarding Magic
Lantern.  Additionally, we do not expect the FBI to contact Network
Associates/McAfee regarding Magic Lantern.

Regards,
Tony Thompson
Public Relations Manager
Network Associates / McAfee
408_346.3696
[EMAIL PROTECTED] 




Re: in praise of gold

2001-11-26 Thread georgemw

On 21 Nov 2001, at 7:55, David Honig wrote:

> At 08:12 PM 11/20/01 -0500, Faustine wrote:
> >David wrote:
> >George wrote:
> >
> >>>5) Gold makes women sleep with you.  I don't know why they
> >>>like it, but they do.
> >>They sleep with you because of your large cattle herd only they
> >>have accepted abstracted value and settle for gold or stocks...
> >
> >
> >Not all women are golddiggers. I happen to think any woman who marries
> ..
> >The only "abstracted value" I find really intriguing is the quality of...
> 
> You should interpret my statement in the context of George's statement
> not your personal life.
> 
> Also regardless of your personal tastes, you should be familiar with
> sociobiology, Desmond Morris, etc.  Peacock feathers, mammaries on humans,
> antlers, etc. 
> 
> 
Actually, in that context I was specifically NOT referring to
gold as a generic proxy for value,  if you'll recall I was listing
reasons why gold is particularly well suited to be a proxy for
value.  The point is that gold is something that falls into the
category of sparkly things that women like.  Women will sleep with 
you if you give them jewelry, even if they're not going to
sell it.  Umm, or so I've been told.

Of course, men like the sparkly stuff also, but if you wear lots of
jewelry people are likely to think you're either gay or a pimp.
Not that there's necessarily anything wrong with that, but giving off
misleading signals can lead to embarrassment.

George








Sixpack Encryption Email client

2001-11-26 Thread georgemw

On 21 Nov 2001, at 21:00, Sandy Sandfort wrote:

> David wrote:
> 
> > Declan's comment on operating a physical
> > remailer for suitably valuable cargo,
> > plus some of Tim's recent comments about
> > integration, made me think of the
> > question in the subject line. So far
> >I see at least three possible answers.
> >
> > 1) Make lots of money.
> >
> > 2) Spread awareness (that "funny feeling in the stomach" recently
> > discussed) and save our fellow man. Make the world safe for privacy.
> >
> > 3) Ensure that cryptography and privacy-enhancing technologies have uses
> > besides "Four Horsemen of the Infocalypse," so that they aren't banned.
> >
> > anything else?
> 
> Yes, a corollary to 2) is that by saving our fellow man, we are saving
> ourselves as well.  The elitist idea that it doesn't make any difference
> what happens to the little people is wrong-headed.  Because the world is set
> up to make cars affordable for the little people, you and I can have
> personal automotive transportation at a fraction of the cost if we were to
> try and assemble them up in Galt's Gulch.  If crypto gets wide-spread use by
> the little people, our use will be lost in the noise.
> 
> 
>  S a n d y
> 
> 

I gave a little bit of thought about what an encrypted email client 
should look like for joe sixpack to use.  Here's how the DEFAULT
behavior would work:

When you install the software, it generates a public-private key
pair. It saves your private key right there on your hard disk
unencrypted, no tricky passphrase to remember.  It then uploads
your private key to some central server.

The software maintains a list of public keys, if you want to send
mail to someone for whom you don't have a public key, it'll
check the server for one. If you have a key for someone, it'll
automatically encrypt. If you receive encrypted mail, it'll 
automatically decrypt (and save the decrypted mail on your hard 
drive). It'll have a little icon on a mail message indicating if
it was encrypted, and there'll be an icon next to each name
in the address book indicating if you have a key for that
address, but for the most part it'll encrypt opportunistically
and the user won't need to know or care if a message is
encrypted or not.

I'm sure I don't need to go into detail explaining what's wrong with 
this, but it should be obvious that every convenience violates
an important security rule.  And it pretty much has to be that way.
You either have to remember a passphrase and key it in, or
any fool who gets access to your computer can easily read your
private key, and so on.

Personally, I think it'd be better if the sixpackers used this kind
of encryption than no encryption at all, if I thought that people
would use this kind of email client I would write it, it shouldn't
be too hard since I could probably steal most of the code.

George 




Re: Cattle Herding... (was Re: in praise of gold)

2001-11-26 Thread georgemw

On 23 Nov 2001, at 19:13, R. A. Hettinga wrote:

> Pecunia, the latin word for money, comes from the Etruscan pecu, meaning, cow.
> 
> Cheers,
> RAH
> 

And of course the German word for money is Gelt, which means 
Gold. 

Cows might have served well as currency for primitives like the 
Etruscans, but can you imagine using them today?  I took
a bus this morning, the fare was 1.10 and I only had paper money
so they ripped me off 90 cents.  But if I was an Etruscan, they
would've taken my whole cow! 

George
> -- 
> -
> R. A. Hettinga 
> The Internet Bearer Underwriting Corporation 
> 44 Farquhar Street, Boston, MA 02131 USA
> "... however it may deserve respect for its usefulness and antiquity,
> [predicting the end of the world] has not been found agreeable to
> experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'




Re: Moving beyond "Reputation"--the Market View of Reality

2001-11-26 Thread georgemw

On 25 Nov 2001, at 15:05, Tim May wrote:

> For many years some of us have argued strongly for "reputation" as a 
> core concept. Someone, perhaps even one of our own, even coined the 
> phrase "reputation capital."
> 
> Reputation is an easily understandable concept which explains a lot 
> about how imperfect protocols in the real world nevertheless "work." I 
> won't go into what reputation is, even as defined by folks like us.
> 
> But there are many aspects of reputation which lead to problems:
> 
> 1. The assumption that an agent or actor possesses a "reputation." A 
> kind of scalar number attached to a person, a bank, an institution, or 
> even a nym.
> 
> 2. When in fact different people have different assessments of some 
> agent's reputation. Thus suggesting strongly that reputation is not 
> something attached as simply as above.
> 
> 3. All of the nonsense about how "Alice's reputation has been harmed," 
> deriving from the faulty notion of this scalar property attached to 
> Alice.
> 

I don't think this follows. If I say "Alice ripped me off", Alice's 
reputation may well suffer even if reputation isn't a scalar
property.  People who consider my word as being worthless won't
lower their opinion of Alice, but somebody might.



> The value of a monetary token is NOT something that is determined by 
> precise mathematical protocols. It's a value based on _belief_ or 
> _expectation_ about the behaviors of other actors, and about the future. 
> Currency suspected of being counterfeit may sell for 10 cents on the 
> dollar, to a sophisticated buyer, while currency suspected of being 
> legit may or may not sell for at or near face value. 

Doesn't the concept of "selling for face value" imply that there's
a currency known to be legit?  I mean, if I'm trading paper for
paper I ought to expect to average 1 for 1.

Somehow this reminds me of a story I once read where one crook
was selling another crook what was purported to be high quality
counterfeit money but was actually the proceeds from a bank
heist (the irony being that the "real" money was worth considerably 
less than the counterfeit).


> Instead of an ontology of objects and their attached methods and 
> property lists, including "reputations" and "monetary values," we should 
> be thinking in terms of these objects as just other actors, with each 
> actor maintaining his own internal model of "possible worlds" (how he 
> thinks the other actors will behave, what he thinks may be future 
> outcomes, what his own goals and expectations are). Seen this way, there 
> is no "reputation" or "value" that is universal. Everything is relative. 
> Everything is seen through the light of internal states/possible worlds.
> 

I believe what you are saying here is true, but I don't see what
recognizing this gets you.  In principle, if there's a digital
currency which is allegedly redeemable for dollars and I think
that there's about a 50-50 chance that I'll actually be able to 
redeem the currency then I ought to be willing to accept it at
50% face value, but in practice evaluating probabilities like
that is pretty hard, and I'm pretty much always going to be
coming up with probabilities close to one or close to
zero that any kind of "backed" currency is good.
 
> This is the market view of reality. There is no "Reality." Just 
> ensembles of actors, various facets, incomplete knowledge...all 
> lubricated by betting. Every street kid knows this.
> 
> Digital money is just one facet of this worldview.
>

Again, I don't see where this gets us.

George
 
> --Tim May
> "He who fights with monsters might take care lest he thereby become a 
> monster. And if you gaze for long into an abyss, the abyss gazes also 
> into you." -- Nietzsche




Re: Sixpack Encryption Email client

2001-11-26 Thread Eric Murray

On Mon, Nov 26, 2001 at 05:12:38PM -0800, [EMAIL PROTECTED] wrote:
> I gave a little bit of thought about what an encrypted email client 
> should look like for joe sixpack to use.  Here's how the DEFAULT
> behavior would work:
> 
> When you install the software, it generates a public-private key
> pair. It saves your private key right there on your hard disk
> unencrypted, no tricky passphrase to remember.  It then uploads
> your private key to some central server.

you meant uploads your public key to some central server.
 
> The software maintains a list of public keys, if you want to send
> mail to someone for whom  you don't have a public key, it'll
> check the server for one. If you have a key for someone, it'll
> automatically encrypt. If you receive encrypted mail, it'll 
> automatically decrypt (and save the decrypted mail on your hard 
> drive). It'll have a little icon on a mail message indicating if
> it was encrypted, and there'll be an icon next to each name
> in the address book indicating if you have a key for that
> address, but for the most part it'll encrypt opportunistically
> and the user won't need to know or care  if a message is
> encrypted or not.


I think that the Joe Sixpacks who would care enough to install
"secure" email would like to have some sort of feedback
that it's working, i.e. they need to unlock the private key with
a password.  Of course they'll choose a lame one, but that's
beside the point.

There's two sub-species of Sixpack-- the one I describe, and
those who don't know and don't care about secure email, which
is who you're talking about.

It's the "early adopter" Sixpacks I'm thinking of.  Once you get
enough of them, then someone will declare it an industry standard
and all the Sixpacks will get it, whether they know it or not.

I wrote something like what you're describing long ago, for a large
workstation maker.
Only this was a hack on sendmail to automagically encrypt/decrypt
mail between offices in foreign countries whose security services
were known to snoop on technology companies.  

> Personally, I think it'd be better if the sixpackers used this kind
> of encryption than no encryption at all, if I thought that people
> would use this kind of email client I would write it, it shouldn't
> be too hard since I could probably steal most of the code.

How about an add-on to MSIE or Netscape?  Either one has a pile
of crypto junk to call on.  Making it work with S/MIME might
be an easy way to do it.


Eric
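
The default behaviour proposed in the quoted message (publish the public key, look up missing keys on the server, encrypt whenever a key is available), modelled as an added example that is not part of either poster's message or of any real client. Keys are opaque random stand-ins with no cryptography performed, all class and function names are hypothetical, and the `refresh` check for a changed directory key is an addition beyond the proposal.

```python
import hashlib
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional


def fingerprint(public_key: bytes) -> str:
    """Short identifier used to compare two public keys."""
    return hashlib.sha256(public_key).hexdigest()[:16]


@dataclass
class KeyDirectory:
    """The 'central server' of the proposal: one public key per address."""
    entries: Dict[str, bytes] = field(default_factory=dict)

    def publish(self, address: str, public_key: bytes) -> None:
        self.entries[address] = public_key

    def lookup(self, address: str) -> Optional[bytes]:
        return self.entries.get(address)


@dataclass
class SendDecision:
    encrypt: bool
    key_source: str                  # "keyring", "server" or "none"
    key_fingerprint: Optional[str]


@dataclass
class MailClient:
    address: str
    directory: KeyDirectory
    keyring: Dict[str, bytes] = field(default_factory=dict)
    private_key: bytes = b""
    public_key: bytes = b""

    def install(self) -> None:
        """Generate a key pair and publish only the public half."""
        # Constructed stand-ins: random bytes, not a real derived key pair.
        self.private_key = secrets.token_bytes(32)   # never leaves the client
        self.public_key = secrets.token_bytes(32)
        self.directory.publish(self.address, self.public_key)

    def decide(self, recipient: str) -> SendDecision:
        """Opportunistic policy: keyring first, then server, else plaintext."""
        key = self.keyring.get(recipient)
        source = "keyring"
        if key is None:
            key = self.directory.lookup(recipient)
            source = "server"
            if key is None:
                return SendDecision(False, "none", None)
            # The first answer from the directory is cached and used from now on.
            self.keyring[recipient] = key
        return SendDecision(True, source, fingerprint(key))

    def refresh(self, recipient: str) -> str:
        """Addition to the proposal: compare the cached key with the directory."""
        cached = self.keyring.get(recipient)
        if cached is None:
            return "not-cached"
        current = self.directory.lookup(recipient)
        if current is None:
            return "withdrawn"
        if fingerprint(current) == fingerprint(cached):
            return "unchanged"
        return "changed"

    def address_book_icon(self, recipient: str) -> str:
        """The per-contact indicator described in the proposal."""
        return "key" if recipient in self.keyring else "no-key"


def demo() -> Dict[str, object]:
    """Constructed scenario: two installed users and one unknown recipient."""
    directory = KeyDirectory()
    alice = MailClient("alice@example.test", directory)
    bob = MailClient("bob@example.test", directory)
    alice.install()
    bob.install()
    first = alice.decide("bob@example.test")
    unknown = alice.decide("carol@example.test")
    bob.install()                    # reinstall publishes a different key
    return {
        "first_source": first.key_source,
        "unknown_encrypted": unknown.encrypt,
        "after_reinstall": alice.refresh("bob@example.test"),
        "icon": alice.address_book_icon("bob@example.test"),
    }


if __name__ == "__main__":
    print(demo())
```

Because the keyring is consulted before the server, a cached key is never re-checked unless the client runs something like `refresh`, so a "changed" result is where a visible prompt to the user belongs.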




Re: Moving beyond "Reputation"--the Market View of Reality

2001-11-26 Thread David Honig

At 03:54 PM 11/26/01 -0800, [EMAIL PROTECTED] wrote:
>On 25 Nov 2001, at 19:30, David Honig wrote:
>> 
>> I recently posted how ground squirrels have rep cap.
>> 
>
>It was interesting, but unless I misread it (a distinct possibility)
>the squirrels didn't really have something we'd call a reputation.
>The squirrels would remember "that squirrel keeps claiming there's
>a stuffed badger when there is no stuffed badger" and would
>ignore his warnings, but a real reputation system would be more 
>like a new squirrel shows up and the experienced squirrels
>tell the new squirrel which squirrels are reliable and which aren't.
>I don't think squirrels are capable of that.

Aha.  I have learned something then; I didn't realize that reps
must be somewhat infectious.  But infectious-reps require a decent
medium, e.g., a decent language; squirrels don't really have the
degrees of freedom.  Though it must be obvious to new squirrels
(e.g., by observing other more seasoned squirrels' lack of reaction) that no
one takes Spoofie Squirrel seriously.  In any case, each squirrel certainly
believes their own set of experiences (and reputations inferred therefrom)
and so would advocate the adoption of its experience, 
if sufficiently verbal to do so.  Much like primates.

In any case, "Spoofie is unreliable about badgers" seems to me to be
a reputation.

At one extreme of opinion, reps are personal; at the other they are objective
and are therefore worth transferring amongst members of so-equipt
species.

Nature *does* have joints at which it can be carved; high-rep people
will tend to recommend other high-rep people and the UFO types will
cross reference the Bigfoot folks.  Such is the nature of peer
review, of cultural epistemology.   There are objective
parts of reputation, even if no objective agreement on the *sign* of
the quality.  

Crypto/tech will only elaborate what is innate or natural in social critters.




"It's Proto-Indo-European for "money" "

2001-11-26 Thread Tim May

On Monday, November 26, 2001, at 05:21 PM, [EMAIL PROTECTED] wrote:

> On 23 Nov 2001, at 19:13, R. A. Hettinga wrote:
>
>> Pecunia, the Latin word for money, comes from the Etruscan pecu,
>> meaning, cow.
>>
>> Cheers,
>> RAH
>>
>
> And of course the German word for money is Gelt, which means
> Gold.
>

German is but one of _many_ descendants of Proto-Indo-European.

My favorite dictionary, the American Heritage Dictionary, has extensive
etymologies tracing to PIE. Note that often the words have Greek and
Latin cognates, meaning in most cases an etymology distinct from German.

Lots of English, Norse, Dutch, and German words have the "gl" sound:
glitter, glisten, glimmer,  gleaming, gloaming, gloss, glow, glower,
gold, guild, guilder, gall, cholera, even Sanskrit words.

Left as an exercise: the PIE origins of "mark" (another common word for
a unit of money), "dollar" (ditto), and "crown." For extra credit,
"peso," "peseta," and variants. For extra extra credit, "florin."

Here's the entry:

http://www.bartleby.com/61/roots/IE158.html

ENTRY:  ghel-2
DEFINITION: To shine; with derivatives referring to colors, bright
materials, gold (probably yellow metal), and bile or gall. Oldest form
*hel-, becoming *ghel- in centum languages.
Derivatives include gold, arsenic, melancholy, Hare Krishna, gleam,
glimpse, and glide.
   I. Words denoting colors. 1. Suffixed form *ghel-wo-. yellow, from
Old English geolu, yellow, from Germanic *gelwaz. 2. Suffixed variant
form *ghl-ro-. chloro-; chlorite1, from Greek khlros, green, greenish
yellow. 3. Suffixed variant form *ghlo-wo-. chloasma, from Greek
khloos (< *khlo-wo-s), greenish color. 4. O-grade form *ghol-. podzol,
from Russian zola, ashes (from their color). 5. Suffixed form *ghel-i-.
Hare Krishna, Harijan, from Sanskrit hari-, tawny yellow. 6. Possibly
suffixed zero-grade form *gh-wo- in Latin fulvus, tawny (with dialectal
f- as in fel, gall): griseofulvin.
   II. Words denoting gold. 1. Suffixed zero-grade form *gh-to-. a.
gold, from Old English gold, gold; b. gild1, from Old English gyldan, to
gild, from Germanic denominative verb *gulthjan; c. guilder, gulden,
from Middle Dutch gulden, golden; d. gowan, from Middle English gollan,
yellow flower, possibly from a source akin to Old Norse gullinn, golden.
ad all from Germanic *gultham, gold. 2. Suffixed o-grade form
*ghol-to-. zloty, from Polish zoto, gold. 3. Suffixed full-grade form
*ghel-no-. arsenic, from Syriac zarnk, orpiment, from Middle Iranian
*zarnik-, from Old Iranian *zarna-, golden.
   III. Words denoting bile. 1. Suffixed o-grade form *ghol-no-. gall1,
from Old English gealla, gall, from Germanic *galln-, bile. 2. Suffixed
o-grade form *ghol--. chole-, choler, cholera; acholia, melancholy, from
Greek khol, bile. 3. Suffixed full-grade form *ghel-n-. felon2, from
Latin fel, bile.
   IV. A range of Germanic words (where no preforms are given, the words
are late creations). 1. gleam, from Old English glm, bright light,
gleam, from Germanic *glaimiz. 2. glimpse, from Middle English glimsen,
to glimpse, from a source akin to Middle High German glimsen, to gleam.
3. glint, from Middle English glent, a glint, and glenten, to shine,
from a source akin to Swedish dialectal glinta, to shine. 4. glimmer,
from Middle English glimeren, to glimmer, from a source akin to Swedish
glimra, glimmer. 5. glitter, from Old Norse glitra, to shine. 6. glitz,
from Old High German glzan, to sparkle. 7. glisten, from Old English
glisnian, to shine. 8. glister, from Middle Dutch glinsteren or Middle
Low German glisteren, to shine. 9. glass, glaze, glazier, from Old
English glfs, glass, from Germanic *glasam, glass. 10. glare1, from
Middle English glaren, to glitter, stare, from a source akin to Middle
Low German glaren, to glisten, from Germanic *glaz-. 11. gloss1, from a
source perhaps akin to Icelandic glossi, a spark. 12. glance2, from Old
High German glanz, bright. 13. gleg, from Old Norse glvggr,
clear-sighted. 14. glad1, from Old English glfd, shining, joyful, from
Germanic *gladaz. 15. glee; gleeman, from Old English glo, sport,
merriment, from Germanic *gleujam. 16a. gleed, from Old English gld,
ember; b. glogg, from Old Norse glodh, ember. Both a and b from Germanic
*gl-di-. 17a. glow, from Old English glwan, to glow; b. glower, from
Middle English gloren, to gleam, stare, probably from a source akin to
Norwegian dialectal glora, to gleam, stare; c. gloat, from a source
perhaps akin to Old Norse glotta, to smile (scornfully). ac all from
Germanic *gl-. 18. gloaming, from Old English glm, twilight, from
Germanic *gl-m-. 19. Possibly distantly related to this root is Germanic
*gldan, to glide. a. glide, from Old English gldan, to slip, glide; b.
glissade, from Old French glier, to glide; c. glitch, from Old High
German gltan, to glide; d. glede, from Old English glida, kite (<
gliding, hovering bird), from derivative Germanic *glidn-. 20. glib,
from a source possibly akin to Middle Low German glibberich, slip

Re: Antivirus software will ignore FBI spyware: solutions

2001-11-26 Thread Tim May

[I sent this a couple of hours ago, hasn't appeared on my feed, lne.com. 
Apologies if you get it twice.]

On Monday, November 26, 2001, at 11:49 AM, Sunder wrote:

> Great and wonderful except:
>
> 1. If such spyware has already been installed on your system you can't
> trust your os therefore:
>
>   a. It may use your OS to hide the key capture log, so you
>  won't be able to just watch files.  Think of a kernel patch
>  that removes all references to a specific file, not just
>  sets it to be hidden.

Yes, but this is probably beyond current and foreseeable attacks. I 
don't dispute that all sorts of advanced attacks are possible, just that 
the fixes this guy suggested are "much better than doing nothing."

Even _secure_ OSes (KeyCOS, for example) are vulnerable to attacks when 
physical access is gained...doesn't make it easy, though.
>

> 4. If you live in a crowded area, your iPod can be lifted off you
> in a false mugging, or break in, pickpocketing while you're at a
> restaurant, movie, etc.

This implies a level of surveillance/commitment beyond what most FBI 
attacks are at.

More importantly, theft of my iPod would then trigger certain actions. 
Cancelling my existing key and generation of a new one.

All of these kinds of "they've got your hardware" attacks are present 
with nearly all systems. All require more work than the simple insertion 
of a keystroke logger involves. It's all measures and countermeasures.
>

> 10. Ordered any new copies of a bit of software?  Maybe they have a deal
> with FedEx, UPS, the Mailman.  Maybe what you're getting is the upgrade
> and then some.  How can you tell that copy of SmallTalk doesn't carry an
> extra bit of code just for you?  How can you tell that the latest patch to
> MacOS you've just downloaded really came from Apple?  Sure DNS said it was
> from ftp.apple.com but how do you know that the router upstream from your
> internet provider didn't route your packets via ftp.fbi.gov?

Paranoia can be a dangerous thing.
--Tim May
"Gun Control: The theory that a woman found dead in an alley, raped and
strangled with her panty hose,  is somehow morally superior to a woman 
explaining to police how her attacker got that fatal bullet wound"


--Tim May
"That government is best which governs not at all." --Henry David Thoreau




Re: Anonymizing Scam

2001-11-26 Thread Anonymous

The following message by Lance Cottrell responding to John Young's
accusations was sent to the cypherpunks list but apparently never
appeared here.



Date: Sat, 24 Nov 2001 00:15:16 -0800
To: "R. A. Hettinga" <[EMAIL PROTECTED]>,
Digital Bearer Settlement List <[EMAIL PROTECTED]>, [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
From: "Lance M. Cottrell" <[EMAIL PROTECTED]>
Subject: Re: Anonymizing Scam

Given how widely known my email address is, I am saddened that people 
would post this kind of unsubstantiated rumor without any attempt to 
check on the validity.

Anonymizer has always offered its services to all comers. This has 
always included law enforcement. They have used our services to keep 
an eye on certain websites for many years, without tipping them off 
to the focus of their interests. Seeing "fbi.gov" in the log files is 
a bit of a giveaway. They have no special access to our systems, and 
no ability to monitor our users.

Describing our policy of open access as "sucking up to the TLAs" is 
absurd. I would have thought my history in this field would have 
earned me some consideration before jumping to that kind of 
conclusion. Does government and industry have no rights to, or needs 
for, privacy? It seems a hypocritical position for Cypherpunks to 
take.

-Lance Cottrell


At 5:34 PM -0500 11/23/01, R. A. Hettinga wrote:
>--- begin forwarded text
>
>
>Status:  U
>Date: Fri, 23 Nov 2001 16:02:10 -0800
>To: [EMAIL PROTECTED]
>From: John Young <[EMAIL PROTECTED]>
>Subject: Anonymizing Scam
>Sender: [EMAIL PROTECTED]
>
>Below are strange statements coming from Lance Cottrell.
>Is there no anonymizer that is not sucking up to the TLAs?
>Worse, has there ever been?
>
>-
>
>
>http://www.cnn.com/2001/TECH/internet/11/20/privacy.reut/index.html
>
>One company that is still making money off privacy is
>Anonymizer.com, a San Diego-based company that offers
>anonymous Web surfing for $50 a year, or $5 a month. The
>company has 20,000 active subscribers, said President Lance
>Cottrell.
>
>"We're still seeing very strong growth," Cottrell said. "Most
>people are looking to prevent their boss, insurance company,
>spouse, ISP (Internet Service Provider) from knowing where
>they're going."
>
>Even so, Anonymizer.com began a push six months ago to
>market its service to corporations, including law and investigation
>firms, and the U.S. government, he said.
>
>"Intelligence agencies have been using us for years, especially
>since September 11," Cottrell said. "They use us to keep an eye
>on bad guy sites" with covert monitoring.
>
>-
>
>The pattern: initial big deal about helping the public protect its
>privacy, then boom, a later revelation it was impossible to
>continue ...  well, the reasons vary, but the cover story is always
>the need for money, the Judas rationale.
>
>Meanwhile, the fabulous surfing data archive allegedly inviolate, or
>never retained, or no way to ever know who was using the
>service, that is the data all free-gift marketers aim to collect.
>
>Were any anonymizing archives ever trashed or truly protected
>against concurrent snarfing? Is Safeweb laughing like ZKS,
>like Lance? First, the US, then EU, then CN, all the way to
>MD.
>
>What does this say about commercial anonymizing services,
>and remailers? And crypto, especially free PGP, and the honeypot
>AES?
>
>--- end forwarded text
>
>
>--
>-
>R. A. Hettinga 
>The Internet Bearer Underwriting Corporation 
>44 Farquhar Street, Boston, MA 02131 USA
>"... however it may deserve respect for its usefulness and antiquity,
>[predicting the end of the world] has not been found agreeable to
>experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'


-- 
Lance M. Cottrell  [EMAIL PROTECTED]
Anonymizer, Inc.   President
Voice: (619) 725-3180 X304 Fax: (619) 725-3188
www.Anonymizer.com




Re: CDR: Antivirus software will ignore FBI spyware: solutions

2001-11-26 Thread measl


While it's of little help to M$ lusers, those of us in the *nix world can
use CDROM based filesystems for all but the user data.  Yes, you may be
compromised, but it won't change any code (which is definitely *not* to
say that you aren't in danger from loss of passphrases, etc.) - at least
on sensitive machines. 

I have been using this technique on FreeBSD systems for a little under two
years now (yes, you need to build several copies of your root system :).

 -- 
Yours, 
J.A. Terranson
[EMAIL PROTECTED]

If Governments really want us to behave like civilized human beings, they
should give serious consideration towards setting a better example:
Ruling by force, rather than consensus; the unrestrained application of
unjust laws (which the victim-populations were never allowed input on in
the first place); the State policy of justice only for the rich and 
elected; the intentional abuse and occasionally destruction of entire
populations merely to distract an already apathetic and numb electorate...
This type of demagoguery must surely wipe out the fascist United States
as surely as it wiped out the fascist Union of Soviet Socialist Republics.

The views expressed here are mine, and NOT those of my employers,
associates, or others.  Besides, if it *were* the opinion of all of
those people, I doubt there would be a problem to bitch about in the
first place...






Re: HDCP break and DMCA

2001-11-26 Thread David Wagner

Anonymous  wrote:
>Why, then, did you go ahead with publication?

I believe publishing is important for the advancement of the field.
If no one publishes, how will we learn from our mistakes?  How will
people learn of the risks?  Fortunately, we are in a privileged position.
The university has been supportive of our work, which has made it easier
to publish on a limited basis despite the risks.

However, if I knew when we started this project what I know now, I would
not have initiated this research: I would have spent my time on some
other important problem without the legal overhead and risks.  In the
future, you can bet that I won't be working on copy protection again,
not if the situation stays like this.




Re: Anonymizing Scam

2001-11-26 Thread Tim May

On Monday, November 26, 2001, at 06:24 PM, Anonymous wrote:

> The following message by Lance Cottrell responding to John Young's
> accusations was sent to the cypherpunks list but apparently never
> appeared here.
>
> 
>
> Date: Sat, 24 Nov 2001 00:15:16 -0800
> To: "R. A. Hettinga" <[EMAIL PROTECTED]>,
> Digital Bearer Settlement List <[EMAIL PROTECTED]>, 
> [EMAIL PROTECTED],
> [EMAIL PROTECTED], [EMAIL PROTECTED], 
> [EMAIL PROTECTED]
> From: "Lance M. Cottrell" <[EMAIL PROTECTED]>
> Subject: Re: Anonymizing Scam
> Describing our policy of open access as "sucking up to the TLAs" is
> absurd. I would have thought my history in this field would have
> earned me some consideration before jumping to that kind of
> conclusion. Does government and industry have no rights to, or needs
> for, privacy? It seems a hypocritical position for Cypherpunks to
> take.
>

"It seems a hypocritical position for Cypherpunks to
take."


Assuming that John Young speaks for "Cypherpunks" is bizarre.


--Tim May
"The only purpose for which power can be rightfully exercised over any 
member of a civilized community, against his will, is to prevent harm to 
others. His own good, either physical or moral, is not a sufficient 
warrant." --John Stuart Mill




Re: The Crypto Winter

2001-11-26 Thread Jim Choate


On Tue, 20 Nov 2001, Faustine wrote:

> >Then you have missed a fundamental aspect of human society and the
> >responsibility (shades of Hayek) that goes along with it.
> >Hayek, von Mises, etc. would be disappointed.
> 
> 
> In a survival situation, nobody gives a crap about "human society", it's either
> a matter of conscience or it isn't. 

Everything is a 'survival situation', some are just easier to resolve than
others. False distinction on your part.

Everybody with half an interest in surviving the 'survival situation' most
certainly cares about 'human society'. They have a primary goal.

AVOID DOG-EAT-DOG.

However, CACL doesn't provide a process to do that. When faced with a
crisis situation it jumps right to the 'worst case' result.

The reality is that 'survival situations' are why people build societies.
It happens to be why ALL social animals adopted that strategy, by sharing
and cooperating it becomes possible to maximize the number of survivors.
Something that CACL philosophy couldn't care sot about.

The reality is that by refusing to force others to share you in fact
exacerbate your survival situation. You claim that if somebody forces you
it is wrong, yet you seem to believe it's ok to force others.

So much for doing away with 'coercion'. At most CACL philosophy buys a
level or two of indirection with regard to blame. However, that doesn't
remove the responsibility (re my Hayek quote on that topic a few weeks
ago).

CACL, as you clearly demonstrate by your response, is focused on the 'I'.

> Actually if I were in that situation, I'd probably try to steal some of the
> water for him.

Perfect example of why you tend toward CACL philosophy.

And by the way, with no 'human society crap' there isn't any such thing as
'stealing'. There is 'taking' and 'taking against another's wishes' but
neither of these are 'stealing'.

> But I wouldn't try to pretty up my stealing with some sanctimonious sermon 
> about needs and obligations to the guy I have at the other
> end of my gun.

But you just did with your previous example. It's a perfect example of the
CACL 'Freedom for me, but not for thee'.


 --


 Day by day the Penguins are making me lose my mind.

 Bumper Sticker

   The Armadillo Group   ,::;::-.  James Choate
   Austin, Tx   /:'/ ``::>/|/  [EMAIL PROTECTED]
   www.ssz.com.',  `/( e\  512-451-7087
   -~~mm-'`-```-mm --'-





Re: Moving beyond "Reputation"--the Market View of Reality

2001-11-26 Thread Faustine


Declan wrote:

> Sure, one can say: let's just have a complicated reputation space
> (think an array of arrays) for each one of these characteristics. To
> use a silly example:
> * truthtelling [0-255]
> * maturity [0-255]
> * morality [0-255]
> * netiquette [0-255]
> * spelling [0-255]
> * etc.


In addition to the interesting points you and Tim made about the value of
trying to quantify the subjective, deception and gullibility (or trust, if
you're feeling charitable) are factors worth taking into account as well. How
sensitized are the raters to the possibility that someone is acting in bad
faith and taking them for a ride? What specific triggers erode or establish
trust, and how easily are the individual factors manipulated? Given that the
DoD is putting an ever-increasing amount of money into this sort of research,
it seems like any "reputation rating system" which doesn't address the
idea of deception and bad-faith actors is a juicy target for being subverted
and corrupted from the foundation up.

Deception is problematic enough as it is, offline: I can't think of a more
spectacular failure of "reputation" than the case of good old boring long-faced
church-every-Sunday solid-citizen Robert P. Hanssen. If his FBI colleagues had
been asked to rate him by your above criteria, he probably would have been in
the high 200s all across the board. And maybe deservedly so. But since those
factors weren't in any way, shape, or form relevant to the fact that he was also
the kind of person who could sell out his country for the sheer pleasure of 
the game of it, he got away with murder for years until he got careless and
his shitty tradecraft finally caught up with him. How many thousands of
man-hours were wasted spinning in circles over "suspicious people" when the real
bastard was nice and comfy right in the middle of their own ant-heap. 
Absolutely nauseating, how easy putting stock in a "good reputation" makes
it to be compromised beyond repair. Something to consider, anyway. 

And bad-faith actors aside, if everyone in a group becomes fixated on boosting
their ratings, they'll become less and less likely to contradict "the wrong
(high-status) people" and more likely to go for cheap shots at the designated
whipping boys to the point that the whole list becomes a pointless
pecking-order exercise in kissing the ass of the alpha baboons. Or something. 

Here's to saying what you think, popularity be damned. 

~Faustine.




***

The right to be let alone is indeed the beginning of all freedoms.
--William O. Douglas, Associate Justice, US Supreme Court





Re: The Crypto Winter

2001-11-26 Thread Jim Choate


On Tue, 20 Nov 2001, David Honig wrote:

> At 09:19 PM 11/19/01 -0600, Jim Choate wrote:
> >C-A-C-L's would let people die from thirst before interfering in a 'free
> >market'. Others would say screw the market and give that man a drink.
> 
> No, a libertarian would say "screw anyone who'd initiate force 
> against me to make me to do this" and then make his own decision.

Hypocrite. In 'making your own decision' you in effect remove any moral or
ethical framework from your decision. In fact you are acting upon
'freedom for me, but not for thee'. Why? Because you have set yourself up
as the decider of another fate. Your feelings about letting others make
those sorts of decisions for you are clear.

Or do you hold that 'self-defence' applies only to libertarians?

No, the only solution in Faustine's 'survival situation' is to create a
neutral 3rd party that is responsible to all participants. It is not
ethical, or workable, to allow each and all to go their own way.


 --


 Day by day the Penguins are making me lose my mind.

 Bumper Sticker

   The Armadillo Group   ,::;::-.  James Choate
   Austin, Tx   /:'/ ``::>/|/  [EMAIL PROTECTED]
   www.ssz.com.',  `/( e\  512-451-7087
   -~~mm-'`-```-mm --'-





Re: in praise of gold

2001-11-26 Thread Jim Choate


On Tue, 20 Nov 2001, Faustine wrote:

> Not all women are golddiggers. 

They're called 'old maids'. ALL women who are interested in a
'relationship' are 'golddiggers' in the sense they want to 'change' the
other party.


 --


 Day by day the Penguins are making me lose my mind.

 Bumper Sticker

   The Armadillo Group   ,::;::-.  James Choate
   Austin, Tx   /:'/ ``::>/|/  [EMAIL PROTECTED]
   www.ssz.com.',  `/( e\  512-451-7087
   -~~mm-'`-```-mm --'-






Re: The Crypto Winter

2001-11-26 Thread Jim Choate


On Wed, 21 Nov 2001, David Honig wrote:

> At 07:56 PM 11/20/01 -0800, Morlock Elloi wrote:
> >> Capitalism is a natural result of free people.
> >
> >The ultimate argument. Like in "natural" and "unnatural" sex 
> 
> Hardly dogma; look at history.  

Yes, look at history. Many if not most reasons for war and such were not,
and are not 'capitalism'. Economics is NOT the root of human motivation or
desire.
 
> Unhindered by social engineers/violence monopolists, people used
> tools (capital) to increase productivity.

Yes, by creating societies with consequences for those who don't conform.

The reality is that one can't escape 'coercion'. Can't be done.


 --


 Day by day the Penguins are making me lose my mind.

 Bumper Sticker

   The Armadillo Group   ,::;::-.  James Choate
   Austin, Tx   /:'/ ``::>/|/  [EMAIL PROTECTED]
   www.ssz.com.',  `/( e\  512-451-7087
   -~~mm-'`-```-mm --'-






Re: in praise of gold

2001-11-26 Thread Jim Choate


You should spend some time reading recent work on Chimp and Bonobo packs
and the inter-pack shenanigans the females go through (as well as the
mapping to human behaviour).

On Fri, 23 Nov 2001, Harmon Seaver wrote:

>   On a long road trip one night, I heard an extremely interesting long
> discussion amongst a group of psychiatrists, sociologists, and other
> scientists,  regarding a study which showed, firstly, that large numbers of
> attractive young women married unattractive, frequently older, boring, but
> financially well-off men.
>   No surprise, that, eh? But then, the study showed, that a large
> percentage of these same women also tended to have adulterous relationships
> with what was termed "dangerous" men -- losers, outlaws, reckless adventurers,
> etc.
>  Another surprise was that this was a cross-cultural phenomenon, and the
> gist of the discussion was that this wasn't merely thrill seeking or whatever
> on the part of the women, but was actually subconscious darwinism in action,
> i.e., the woman formed the permanent alliance with the man who could best
> support her offspring, then got herself impregnated by the males with the
> strongest, sexiest, genetic makeup -- thereby insuring that not only would her
> children survive, but they, like their true father (and also like the mother)
> would be very attractive and likely to mate.
>   An extremely interesting idea. Some might find the articles in the most
> recent Wired about the high percentages of autism among Silicon Valley
> children to be interesting --


 --


 Day by day the Penguins are making me lose my mind.

 Bumper Sticker

   The Armadillo Group   ,::;::-.  James Choate
   Austin, Tx   /:'/ ``::>/|/  [EMAIL PROTECTED]
   www.ssz.com.',  `/( e\  512-451-7087
   -~~mm-'`-```-mm --'-





Re: reputation capital in rodentia

2001-11-26 Thread Jim Choate


They did no such thing. In order for 'reputation' to happen in the
context of human society one would have to prove that squirrels have a
sense of 'I'. I'll let the current research and a few minutes of
personal time with a rodent speak for that aspect.

Further, correlation <> reputation.

For example, how long after a given squirrel decides to ignore a
particular alarm cry does the alarm cry still work? One day, two? A week?

More importantly, how many squirrels on average does a squirrel ask before
it ignores the cry?

Crap study, crap interpretation.

On Sat, 24 Nov 2001, David Honig wrote:

> Ground squirrels maintain reputations.  Scientists played
> back alarm calls both with (to enhance) and without (to
> degrade) different individuals' calls.  After 10 false
> alarms, that call was ignored; but the high S/N call
> caused alarms even without the threat (a stuffed badger)
> being present.
> 
> J Hare, B Atkins, Behav Ecol & Sociobio
> reported in Sci News 160 p 312


 --


 Day by day the Penguins are making me lose my mind.

 Bumper Sticker

   The Armadillo Group   ,::;::-.  James Choate
   Austin, Tx   /:'/ ``::>/|/  [EMAIL PROTECTED]
   www.ssz.com.',  `/( e\  512-451-7087
   -~~mm-'`-```-mm --'-





Re: CDR: Moving beyond "Reputation"--the Market View of Reality

2001-11-26 Thread Jim Choate


On Sun, 25 Nov 2001, Tim May wrote:

> For many years some of us have argued strongly for "reputation" as a 
> core concept. Someone, perhaps even one of our own, even coined the 
> phrase "reputation capital."

And for as many years many of us have seen that it's not as useful as it
would first seem. The reality is that trust isn't transitive and as a
result reputation isn't either.

> Reputation is an easily understandable concept which explains a lot 
> about how imperfect protocols in the real world nevertheless "work." I 
> won't go into what reputation is, even as defined by folks like us.

It may be 'easily understood', but it's also easily misunderstood (by
many).

> But there are many aspects of reputation which lead to problems:

Reputation itself is a problem. Past behaviour (toward another) is not a
reasonable predictor of future behavior (toward myself).


 --


 Day by day the Penguins are making me lose my mind.

 Bumper Sticker

   The Armadillo Group   ,::;::-.  James Choate
   Austin, Tx   /:'/ ``::>/|/  [EMAIL PROTECTED]
   www.ssz.com.',  `/( e\  512-451-7087
   -~~mm-'`-```-mm --'-







Re: Moving beyond "Reputation"--the Market View of Reality

2001-11-26 Thread Jim Choate


On Sun, 25 Nov 2001, Gabriel Rocha wrote:

>   On Sun, Nov 25, at 03:05PM, Tim May wrote
> | Thus, what is the "reputation of the dollar"? Is it because of foolproof 
> | anti-forgery measures? Is it because of the laws of the U.S.? Etc.?
> | 
> | No, it is a kind of collective hallucination.
>  
> It is not a "Collective hallucination"

If you use the word 'reputation' to mean that the past behaviour is a
reasonable indicator of future behavior (as most CACL use it) then it is
most certainly a shared hallucination.

In fact it's not even 'economic', it's 'emotional' in nature.


 --


 Day by day the Penguins are making me lose my mind.

 Bumper Sticker

   The Armadillo Group   ,::;::-.  James Choate
   Austin, Tx   /:'/ ``::>/|/  [EMAIL PROTECTED]
   www.ssz.com.',  `/( e\  512-451-7087
   -~~mm-'`-```-mm --'-






Re: Moving beyond "Reputation"--the Market View of Reality

2001-11-26 Thread Jim Choate

On Sun, 25 Nov 2001, Morlock Elloi wrote:

> Are you saying that governments are providing a valuable service by propping up
> arbitrary prohibitions and thus establish a value system against which we can
> bang our heads ?

You misrepresent, governments don't (in general) make 'arbitrary
prohibitions'.


 --


 Day by day the Penguins are making me lose my mind.

 Bumper Sticker

   The Armadillo Group   ,::;::-.  James Choate
   Austin, Tx   /:'/ ``::>/|/  [EMAIL PROTECTED]
   www.ssz.com.',  `/( e\  512-451-7087
   -~~mm-'`-```-mm --'-





A wheelchair and an artificial Limb

2001-11-26 Thread adiele egbukole

Sir,



I greet you with the Glorious peace of our Lord
Jesus Christ, hoping that this email of mine gets to
you in good faith.
Be that as it may, kindly allow me to introduce
myself to you, as we have not met before.
My name is ADIELE EGBUKOLE, I am a Christian by
religion. But unfortunately I am a handicap, although
I was not born a handicap but as faith could have it I
had an accident two years back that was during my last
year in the university. I thank God that I am alive to
testify to the wonderful things that the Lord has
been doing in my life. Today I am an accountant, but the
unfortunate situation there is that I lost my right
limb due to the accident that I had. This condition
has made life immensely difficult for me, this has
made me to seek for your much needed
help. Please, kindly help me as I can't work and I need
to buy a [plastic Right Limb] and a wheel chair to
enable me to move freely from one place to the other.
I am very sorry for this, as it's not in my
character to ask for such favour, but presently I don't
have a choice than to seek for your help. Please, I
must beg you that you shouldn't hesitate to help me if
you can... I want to live a happy life again. You may
want to know how much the wheel chair and the plastic
limb will cost me. I have gone for the price; it will
cost me $250 to buy a fairly used wheel chair and the
plastic limb. PLEASE KINDLY ASSIST ME WITH WHATEVER
AMOUNT THAT YOU CAN, ACTUALLY NOTHING IS TOO SMALL, AND
I WILL APPRECIATE WHATEVER HELP YOU CAN RENDER TO ME.

You can get in touch with me through my email
address. Thank you very much for having the time to go
through my mail. God bless you. Perhaps I hope to get a
response from you... Take care of yourself and stay
blessed.

   Bye for now,
   Best regards.
   ADIELE  EGBUKOLE.







Re: CDR: Re: Sixpack Encryption Email client

2001-11-26 Thread measl


On Mon, 26 Nov 2001, Eric Murray wrote:

> On Mon, Nov 26, 2001 at 05:12:38PM -0800, [EMAIL PROTECTED] wrote:
> > I gave a little bit of thought about what an encrypted email client 
> > should look like for joe sixpack to use.  Here's how the DEFAULT
> > behavior would work:
> > 
> > When you install the   software, it generates a public-private key
> > pair. It saves your private key right there on your hard disk
> > unencrypted, no tricky passphrase to remember.  It then uploads
> > your private key to some central server.
> 
> you meant uploads your public key to some central server.

Actually, this being Joe Sixpack, I believe "private key" was correct -
gotta make sure he can "recover" it after he loses it ;-)

-- 
Yours, 
J.A. Terranson
[EMAIL PROTECTED]

If Governments really want us to behave like civilized human beings, they
should give serious consideration towards setting a better example:
Ruling by force, rather than consensus; the unrestrained application of
unjust laws (which the victim-populations were never allowed input on in
the first place); the State policy of justice only for the rich and 
elected; the intentional abuse and occasionally destruction of entire
populations merely to distract an already apathetic and numb electorate...
This type of demagoguery must surely wipe out the fascist United States
as surely as it wiped out the fascist Union of Soviet Socialist Republics.

The views expressed here are mine, and NOT those of my employers,
associates, or others.  Besides, if it *were* the opinion of all of
those people, I doubt there would be a problem to bitch about in the
first place...






   





MATT DRUDGE // DRUDGE REPORT 2000® - DOJ papers show terrorist hunt

2001-11-26 Thread Jim Choate

http://www.drudgereport.com/flash5.htm


-- 

 --


 Day by day the Penguins are making me lose my mind.

 Bumper Sticker

   The Armadillo Group   ,::;::-.  James Choate
   Austin, Tx   /:'/ ``::>/|/  [EMAIL PROTECTED]
   www.ssz.com.',  `/( e\  512-451-7087
   -~~mm-'`-```-mm --'-





Anthrax Theatre OnLine

2001-11-26 Thread measl


http://www.anthrax.osd.mil/

-- 
Yours, 
J.A. Terranson
[EMAIL PROTECTED]

If Governments really want us to behave like civilized human beings, they
should give serious consideration towards setting a better example:
Ruling by force, rather than consensus; the unrestrained application of
unjust laws (which the victim-populations were never allowed input on in
the first place); the State policy of justice only for the rich and 
elected; the intentional abuse and occasionally destruction of entire
populations merely to distract an already apathetic and numb electorate...
This type of demagoguery must surely wipe out the fascist United States
as surely as it wiped out the fascist Union of Soviet Socialist Republics.

The views expressed here are mine, and NOT those of my employers,
associates, or others.  Besides, if it *were* the opinion of all of
those people, I doubt there would be a problem to bitch about in the
first place...












RE: Antivirus software will ignore FBI spyware: solutions

2001-11-26 Thread Jonathan Wienke

-Original Message-
From: Tim May [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 26, 2001 1:13 PM
To: [EMAIL PROTECTED]
Subject: Antivirus software will ignore FBI spyware: solutions


Some interesting tips (bottom of this message) for detecting FBI/SS
snoopware that NAI/McAfee is now assisting the FBI in installing. 

I especially like the idea of "type hundreds of random key strokes and
see which files increase in size." (Or just look for any file size
changes, as most of us type tens of thousands of keystrokes per day.)

The mathematical side of most encryption is vastly stronger than the
"crypto hygiene" side. There's a reason "code rooms" and "crypto
shacks" on military ships and bases have lots of hoops to jump through,
with locked boxes, double-keyed switches, controlled access, etc.  

Most users of PGP take no steps to secure key materials. (I plead
guilty, too.) Most of us are used to immediate access, and we want
crypto integrated with our mail. The notion of going to a locked safe,
taking out the laptop or removable hard drive, ensuring an "air gap"
between the decoding system and the Net, and checking for keyloggers
and hostile code, and so on, is foreign to most of us. 

The "dongle" idea (e.g., Dallas Semiconductor buttons, etc.) has been
around for a long time. Here's a new twist: the Apple iPod music
player. I just got one. A 4.6 GB hard disk (Toshiba 1.8"). Hooks up via
Firewire/IEEE 1394, with the link recharging the battery and
auto-linking. The disk can also be mounted as a standard Firewire disk.
Meaning, it could be used to store key material and even be used for
PGP scratch operations. The increased security comes from its small
size (easy to lock up) and because I usually have it with me when I am
away from home. This makes "sneak and peek" searches and plants of
malicious code less useful. Not a complete solution. Crypto hygiene and
all.

-End Original Message-

An even better solution: a USB compact flash card reader. $30 at CompUSA or other fine 
electronics retailers, and $20 or less for a 16 MB compact flash card. This is way more 
space than any normal person is going to need for PGP keyrings, with enough room left 
for your randseed file and other stuff like that, and at a price ($50 or so) that most 
anyone can afford. It is also transportable from computer to computer, so you could 
use it sneakernet style if you wanted to, especially if you get more/larger cards. 
256MB cards are available for about $200, and a 1GB Microdrive runs around $400. 
Either of these could be carried in various orifices in extreme circumstances. :-)
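
The "type hundreds of random key strokes and see which files increase in size" check quoted in the message above can be done as a before/after size snapshot of a directory tree. This is an added example, not code from either poster; the function names, the 100-byte threshold and the temporary test directory are assumptions made for illustration.

```python
import os
import stat
import tempfile

def snapshot(root):
    """Map every regular file under root to its current size in bytes."""
    sizes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable between listing and stat
            if stat.S_ISREG(st.st_mode):
                sizes[path] = st.st_size
    return sizes

def grown_or_new(before, after, min_growth=1):
    """Return {path: bytes_added} for files that appeared or grew."""
    findings = {}
    for path, size in after.items():
        added = size - before.get(path, 0)
        if path not in before or added >= min_growth:
            findings[path] = added
    return findings

def demo():
    """Constructed test bed: one file grows by one byte per keystroke."""
    with tempfile.TemporaryDirectory() as root:
        quiet = os.path.join(root, "notes.txt")
        noisy = os.path.join(root, "cache.dat")  # stands in for a capture file
        for p in (quiet, noisy):
            with open(p, "wb") as f:
                f.write(b"x" * 100)
        before = snapshot(root)
        # Stand-in for the interval in which the user types 300 keystrokes.
        with open(noisy, "ab") as f:
            f.write(os.urandom(300))
        after = snapshot(root)
        found = grown_or_new(before, after, min_growth=100)
        return {os.path.basename(p): n for p, n in found.items()}

if __name__ == "__main__":
    print(demo())
```

A clean result is not proof of absence: a capture file that is preallocated, or a logger that buffers in memory, shows no size growth during the test, and the snapshot only covers directories the account running it can read.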